@wraps.dev/cli 2.17.23 → 2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -416,59 +416,93 @@ The CLI offers four presets that control which AWS resources are created:
416
416
  ### Custom
417
417
  Select individual features. Useful if you want event storage without a dedicated IP, or specific event types only.
418
418
 
419
- ## Automatic DNS Management
419
+ ## DNS Configuration
420
420
 
421
- During `wraps email init` and `wraps email upgrade`, the CLI can automatically create DNS records (DKIM, SPF, DMARC, MX) for your domain. Set the appropriate environment variable for your DNS provider:
421
+ During `wraps email init`, `wraps email inbound init`, and `wraps email upgrade`, the CLI creates DNS records for email authentication. You choose your DNS provider and the CLI either creates records automatically or shows you exactly what to add manually.
422
+
423
+ ### What Records Are Created
424
+
425
+ | Record | Type | Purpose | Required? |
426
+ |--------|------|---------|-----------|
427
+ | DKIM (3 records) | CNAME | Cryptographic signatures proving emails are from your domain | Yes |
428
+ | SPF | TXT | Authorizes Amazon SES to send email on behalf of your domain | Yes |
429
+ | DMARC | TXT | Policy for how receivers handle emails failing DKIM/SPF | Recommended (skip if you have one) |
430
+ | MAIL FROM MX | MX | Routes bounce notifications to SES for proper handling | Recommended for DMARC alignment |
431
+ | MAIL FROM SPF | TXT | Authorizes SES to send from the MAIL FROM subdomain | With MAIL FROM only |
432
+ | Tracking | CNAME | Routes open/click tracking through your domain | Optional |
433
+
434
+ The CLI shows all records before creating them and lets you select which to create. For example, if you already have a DMARC policy, you can deselect the DMARC record.
422
435
 
423
436
  ### Supported DNS Providers
424
437
 
425
- | Provider | Environment Variable | Optional |
426
- |----------|---------------------|----------|
427
- | AWS Route53 | *(uses AWS credentials)* | `AWS_PROFILE` |
428
- | Vercel DNS | `VERCEL_TOKEN` | `VERCEL_TEAM_ID` |
429
- | Cloudflare | `CLOUDFLARE_API_TOKEN` | `CLOUDFLARE_ZONE_ID` |
438
+ | Provider | Authentication | Required Token Scopes |
439
+ |----------|---------------|----------------------|
440
+ | AWS Route53 | Your AWS credentials | `route53:ChangeResourceRecordSets` |
441
+ | Cloudflare | API Token | Zone > DNS > Edit (for your zone) |
442
+ | Vercel DNS | API Token | Full Access, or scoped with DNS access |
443
+ | Manual | — | You add records yourself |
430
444
 
431
- ### Setup
445
+ ### Providing Credentials
446
+
447
+ **Option 1: Environment variables** (recommended for CI/CD and repeat use)
432
448
 
433
- **Vercel DNS:**
434
449
  ```bash
435
- # Create token at: https://vercel.com/account/tokens
436
- export VERCEL_TOKEN=your_token_here
450
+ # Cloudflare
451
+ export CLOUDFLARE_API_TOKEN=your_token
452
+ export CLOUDFLARE_ZONE_ID=your_zone_id # optional, auto-detected from domain
453
+
454
+ # Vercel
455
+ export VERCEL_TOKEN=your_token
456
+ export VERCEL_TEAM_ID=team_xxxxx # optional, for team accounts
437
457
 
438
- # Optional: specify team (for team accounts)
439
- export VERCEL_TEAM_ID=team_xxxxx
458
+ # Route53 uses your existing AWS credentials
459
+ aws configure
440
460
  ```
441
461
 
462
+ **Option 2: Interactive prompt**
463
+
464
+ If no environment variable is set, the CLI prompts you to paste your token during setup. The token is used for the current session only and is never stored to disk.
465
+
466
+ ### Creating API Tokens
467
+
442
468
  **Cloudflare:**
443
- ```bash
444
- # Create token at: https://dash.cloudflare.com/profile/api-tokens
445
- # Token needs: Zone.DNS (Edit) permission
446
- export CLOUDFLARE_API_TOKEN=your_token_here
447
469
 
448
- # Optional: specify zone ID (auto-detected if not set)
449
- export CLOUDFLARE_ZONE_ID=your_zone_id
450
- ```
470
+ 1. Go to https://dash.cloudflare.com/profile/api-tokens
471
+ 2. Click **Create Token**
472
+ 3. Use the **Edit zone DNS** template
473
+ 4. Under Zone Resources, select your domain's zone
474
+ 5. Create the token and copy it
451
475
 
452
- **AWS Route53:**
453
- ```bash
454
- # Uses your existing AWS credentials
455
- # No additional setup required if you have a hosted zone for your domain
456
- aws configure
457
- ```
476
+ **Vercel:**
477
+
478
+ 1. Go to https://vercel.com/account/tokens
479
+ 2. Click **Create**
480
+ 3. Give it a descriptive name (e.g., "wraps-dns")
481
+ 4. Set scope to your team if applicable
482
+ 5. Create and copy the token
458
483
 
459
484
  ### Manual DNS
460
485
 
461
- If you don't set up a DNS provider token, the CLI will show you the DNS records to add manually:
486
+ If you choose "Manual" or don't have a supported DNS provider, the CLI displays all required records grouped by purpose with copy-paste values:
462
487
 
463
488
  ```
464
- Add these DNS records to your DNS provider:
465
-
466
- CNAME abc123._domainkey.example.com
467
- abc123.dkim.amazonses.com
468
- TXT example.com
469
- "v=spf1 include:amazonses.com ~all"
470
- TXT _dmarc.example.com
471
- "v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com"
489
+ DKIM (3 CNAMEs)
490
+ Cryptographic signatures proving emails are from your domain
491
+
492
+ CNAME abc123._domainkey.example.com
493
+ → abc123.dkim.amazonses.com
494
+
495
+ SPF (TXT)
496
+ Authorizes Amazon SES to send email on behalf of your domain
497
+
498
+ TXT example.com
499
+ → v=spf1 include:amazonses.com ~all
500
+
501
+ DMARC (TXT)
502
+ Policy for how receivers handle emails failing DKIM/SPF checks
503
+
504
+ TXT _dmarc.example.com
505
+ → v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com
472
506
  ```
473
507
 
474
508
  ## Hosting Provider Integration